I have two servers, A and B. I am trying to ssh from A to B using a private key, and I don't want to provide the password of server B.
I am trying the command below for ssh:
ssh -i <generated_private_key> <user>@<host name>
The private key is perfectly fine, but this command still asks for a password.
In order to use a passwordless ssh connection you need to place the contents of ~/.ssh/id_rsa.pub (id_rsa.pub is just an example; it could be anything you used during generation) of user@local_machine into the ~/.ssh/authorized_keys of some_user@remote_machine.
Further, if other issues exist, then you should check /var/log/ for the error.
Edit1:
Based on comments (thanks to @Crazy), if you used a passphrase during creation of the key then you need to recreate the key without the passphrase.
I have a script which should simply copy some file from Server A to Server B. To be able to do so, while the script is running I am asked to manually type the passphrase. My question is how can I automate that, so the passphrase is automatically added?
scp -i ${SCPKEY} ${SCPFILETOCOPY} ${SCPUSER}@${SCPDEST}
This is an example of the command I use in the script.
I couldn't find any solution on the web. I tried using sshpass but it did not work...
The problem is basically with the 2 side authentication.
Thank you in advance for all your help!
Provided you are using public-private key pair authentication (looking at the command you listed), then you have 2 options:
1. (Recommended security-wise): use ssh-agent before using your script, this way you will have to supply the key pair password just once in your interactive session. As long as the session is open, your script will run without asking for the key passphrase.
$ ssh-agent bash
$ ssh-add
Then run your script.
2. (Not recommended security-wise) Save your private key unencrypted, i.e. without the passphrase, then your script will work even when NOT in an interactive terminal session. The downside is of course that anyone who can read your dir on the server can steal the private key.
We have 2 Debian servers, one for testing and one for live. I have some scripts which should be executed to transfer data from live to test. For both the servers we use PublicKeyAuthentication where our id_rsa.pub's contents are added to authorized_keys on test server.
Even after doing this, every time I initiate a transfer from one server to another, I am being asked for a password.
I also tried calling ssh-copy-id, but that didn't help and all I got was a duplicate entry in authorized_keys.
Lastly, when I try sshpass, I get the following message, and I cannot enter the password as it's just a message.
sshpass -v -p 'PASS' ssh root@our_server
SSHPASS searching for password prompt using match "assword"
SSHPASS read: Enter passphrase for key '/root/.ssh/id_rsa':
Any ideas? Thanks.
From the output of sshpass, it seems that it is asking for the password of the key, not the password for the server:
Enter passphrase for key '/root/.ssh/id_rsa'
Protecting your SSH-keys with a password is a good practice, but you can not fully automate things that way, as you discovered. Depending on your situation, you can do either of the following:
Use an SSH-agent. This is a daemon that will ask your password once, and keep the private key cached until you remove it. This still has the benefit that your SSH-key is stored password-protected on disk, but you can use it as a password-less key.
This has the added benefit that you can forward SSH-agent over SSH: if you SSH from your machine to server A, and then further on to server B, this last connection can use the key stored on your machine (instead of having to copy your key to server A).
Remove the password from the key entirely (you can use ssh-keygen to change the password to be blank)
How do you execute data transfer? Is it scp? Check your system usernames, make sure public keys are installed to authorized_keys file for correct user.
I want to copy directories with scp from server A to a remote server B. As I want to do this with a script, I generated a private and a public key for the server, which work fine with WinSCP.
But when I try to copy with a shell script
scp -i <DIR>/key.ppk $tmpDirA/*.war $username@$server:$TmpDirB
I'm getting asked for the passphrase
Enter passphrase for key '<DIR>/key.ppk'
even though the passphrase was left empty when generating the keys.
Both servers (openSUSE) have OpenSSH, protocol 2, and the keys are RSA keys.
These keys are not generated with server A. Does it matter?
I can't see what point I'm missing. So thanks for any help.
Are you trying to use a PuTTY private key? OpenSSH does not support PuTTY private key files, but PuTTYgen can export to a format OpenSSH understands.
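An added example, not part of the original answers: a POSIX shell check that tells a script author whether a private key file is a PuTTY .ppk or an OpenSSH/PEM key, and whether it carries a passphrase, which is what separates the prompts seen in the questions above. The function names classify_key and key_advice are made up for this illustration, and the sample file is constructed.

```shell
#!/bin/sh
# classify_key FILE -> prints "<format> <encrypted|unencrypted|unknown>"
classify_key() {
    key=$1
    [ -r "$key" ] || { echo "unreadable unknown"; return 1; }
    first=$(head -n 1 "$key" | tr -d '\r')
    case $first in
    PuTTY-User-Key-File-*)
        # OpenSSH cannot parse .ppk; the question above shows it prompting instead.
        if grep -q '^Encryption: none' "$key"; then echo "putty unencrypted"
        else echo "putty encrypted"; fi ;;
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # Body: base64("openssh-key-v1\0" + uint32 length + cipher name + ...).
        magic=6f70656e7373682d6b65792d763100   # "openssh-key-v1\0" as hex
        none=000000046e6f6e65                  # length 4, then "none"
        hex=$(grep -v '^-----' "$key" | tr -d '\r\n' | base64 -d 2>/dev/null |
              head -c 23 | od -An -tx1 | tr -d ' \n')
        case $hex in
        "$magic$none") echo "openssh unencrypted" ;;
        "$magic"*)     echo "openssh encrypted" ;;
        *)             echo "openssh unknown" ;;
        esac ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pkcs8 encrypted" ;;
    "-----BEGIN PRIVATE KEY-----")           echo "pkcs8 unencrypted" ;;
    "-----BEGIN "*" PRIVATE KEY-----")
        # Legacy PEM (RSA/DSA/EC): encryption is announced in a header line.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$key"; then echo "pem encrypted"
        else echo "pem unencrypted"; fi ;;
    *) echo "unrecognized unknown" ;;
    esac
}

# key_advice FILE -> one line saying what the key needs before a script can use it
key_advice() {
    case $(classify_key "$1") in
    putty*)          echo "convert: export an OpenSSH-format key with PuTTYgen" ;;
    *" encrypted")   echo "agent: load the key with ssh-add before the script runs" ;;
    *" unencrypted") echo "ready: usable non-interactively" ;;
    *)               echo "inspect: format or encryption could not be determined" ;;
    esac
}

# Constructed sample: header lines of a PuTTY key saved with an empty passphrase.
sample=$(mktemp)
printf 'PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n' > "$sample"
key_advice "$sample"
rm -f "$sample"
```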
Are you sure ssh chooses the right key when copying?
Create a config file in ~/.ssh and define different hosts there, this ensures that ssh chooses the correct key.
Linux man page
I'm new to shell scripting (and not well traveled in the world of Linux) and am trying to get a shell script to automatically log into an sftp server with my given. Now this is how far I've gotten:
#!/bin/bash
HOST='somehost.com'
USER='someusername'
PASSWD='somepass'
sftp $USER@$HOST
Now this is where I run into trouble. At this point I will be prompted for a password. So how do I get the script to automatically reply with the password when prompted for it? I also tried finding a way to pass along the password with the sftp command, but with no luck. Can anyone help me figure this out?
Use this code:
#!/bin/bash
HOST='somehost.com'
USER='someusername'
PASSWD='somepass'
echo $PASSWD | sftp $USER@$HOST
It's not a good idea to include the password in a command line or such a script. Anyone who has access to the list of running processes could see your password, it could end up in your shell history and log files. So this would create a security hole.
There is more info in this thread where key based authentication is recommended over your proposed method.
Do not store passwords in script files, unless you are compulsive obsessive about keeping your permissions absolutely tight.
For all things ssh/sftp/scp, use public key authentication. Learn about the settings you can set on both the client and the server ends to make it more secure (IP restrictions, user restrictions, cipher restrictions, number of retries, number of simultaneous logins, etc.). That alone should eliminate a lot of insecurity due to scripting issues.
If you absolutely must store a password in a variable, do not export it, and unset it the moment you get done using it.
on local host (where the script will be executed) generate ssh key pair:
scriptuser@scripthost:/~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/michal/.ssh/id_rsa): {press ENTER!}
(...)
copy generated public key from scripthost to the somehost.com and append it to the list of authenticated hosts:
scriptuser@scripthost:/~$ cat ~/.ssh/id_rsa.pub | ssh someuser@somehost.com 'cat >> .ssh/authorized_keys'
now you should be able to use scp or sftp without password:
scriptuser@scripthost:/~$ scp /any/local/file someuser@somehost.com:/remote/location/
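An added example, not part of the original answer: the append step above creates a duplicate entry every time it is rerun (the duplicate reported in an earlier question), so this sketch adds the key only when it is missing and fixes the directory and file modes at the same time. The function name install_pubkey and the sample key are constructed for illustration; it is meant to run as the target account.

```shell
#!/bin/sh
# install_pubkey PUBFILE HOMEDIR -> prints "added", "present" or "invalid"
# Run it as the target account (someuser on somehost.com in the answer above).
install_pubkey() {
    pub=$1 sshdir=$2/.ssh auth=$2/.ssh/authorized_keys
    line=$(awk '!/^#/ && NF >= 2 { print; exit }' "$pub")   # "type base64 [comment]"
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')
    [ -n "$blob" ] || { echo invalid; return 1; }

    # sshd's StrictModes (on by default) rejects key files that other users
    # could write to, so key login fails even though the key is installed.
    ( umask 077; mkdir -p "$sshdir"; touch "$auth" )
    chmod 700 "$sshdir"; chmod 600 "$auth"

    # The key may follow an options field, so compare against every field.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) hit = 1 }
                         END { exit !hit }' "$auth"; then
        echo present
        return 0
    fi
    # Keep one key per line even if the file lacks a final newline.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$line" >> "$auth"
    echo added
}

# Constructed sample key (not a real key) installed into a scratch "home".
scratch=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleOnly scriptuser@scripthost' > "$scratch/id.pub"
install_pubkey "$scratch/id.pub" "$scratch"    # added
install_pubkey "$scratch/id.pub" "$scratch"    # present: no duplicate line
rm -rf "$scratch"
```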
use sshpass command.
you can give password along with command
system("ssh test.host.com");
It's asking whether to permanently add the key or not.
I want it to automatically say yes!
The fact that ssh asks if you want to connect even if the host's public key isn't checked yet is the result of having StrictHostKeyChecking ask (or yes) in your /etc/ssh/ssh_config or ~/.ssh/config. You can set it to no if you want to automatically add unknown host keys to your known_hosts file. If you don't want to make this a permanent configuration change, you can also use it on the command line:
system("ssh -o StrictHostKeyChecking=no test.host.com");
In either case, ssh will issue a warning on host key mismatches and will disable password authentication because of possible man-in-the-middle attacks. You can still log in with public-key authentication.
Someone has to agree that the first key is valid. You could require users to add the pertinent information to ~/.ssh/known_hosts manually (or do it yourself).
Run the SSH Agent before you start your application and use it to add a key (option in the menu on Windows or use ssh-add from the command line on Unix).
As Nathon mentioned, the right way to fix this is to get the host's key in your list of known keys. The simple way is to ssh to the host once manually and answer yes, and then the key will be cached in $HOME/.ssh/known_hosts. This has to be done for each host you will connect to and for each user that will run the program. If you have admin rights on the system you're running ssh from, you can also add the host keys to /etc/ssh/ssh_known_hosts to make them available to all users.
If you don't know what host the script will connect to you might need to look into a module like Expect to watch for and respond to the host key prompt. Although automating this step subverts some of the security ssh provides.
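An added example, not part of the original answers: one way to put a host key into a known_hosts file ahead of time, so a script can connect with StrictHostKeyChecking=yes and never meet the prompt. The function name pin_host_key and the sample key are constructed for illustration, and it assumes the expected key was obtained over a trusted channel.

```shell
#!/bin/sh
# pin_host_key FILE HOST KEYTYPE BASE64KEY
#   prints "added", "present" or "mismatch"; returns 1 on mismatch.
# HOST is matched literally (use "[host]:port" for non-default ports);
# hashed entries written with HashKnownHosts are not recognised here.
pin_host_key() {
    kh=$1 host=$2 type=$3 blob=$4
    [ -f "$kh" ] || ( umask 077; : > "$kh" )
    state=$(awk -v h="$host" -v t="$type" -v b="$blob" '
        /^[#@]/ || NF < 3 { next }     # skip comments and @cert-authority/@revoked lines
        $2 == t {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == h) { if ($3 == b) same = 1; else differ = 1 }
        }
        END { print (differ ? "mismatch" : (same ? "present" : "absent")) }
    ' "$kh")
    case $state in
    present)  echo present ;;
    mismatch) echo mismatch; return 1 ;;   # never overwrite a differing key
    *)        printf '%s %s %s\n' "$host" "$type" "$blob" >> "$kh"; echo added ;;
    esac
}

# Constructed sample: the key below is not a real host key. In practice the
# expected key comes from a trusted channel (console, config management).
known=$(mktemp)
sample_key=AAAAC3NzaC1lZDI1NTE5AAAAIConstructedHostKeyOnly
pin_host_key "$known" test.host.com ssh-ed25519 "$sample_key"                  # added
pin_host_key "$known" test.host.com ssh-ed25519 "${sample_key}Changed" || true # mismatch
# The script then connects without a prompt and fails closed on a changed key:
#   ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
#       -o UserKnownHostsFile="$known" test.host.com
rm -f "$known"
```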